Zerodium hikes bounties for Apple vulnerabilities to as high as $2M
Zerodium — a security firm that pays for exploits discovered by outside researchers — this week increased its bounties for Apple-related vulnerabilities across the board, offering as much as $2 million for the most sensitive ones.
The $2 million figure requires discovering a remote, "zero-click" iOS jailbreak "with persistence," Zerodium said. The company was previously offering $1.5 million, a sum now available to people who identify a "one-click" remote jailbreak.
Bounties have increased from $500,000 to $1 million for iMessage and SMS hacks, from $200,000 to $500,000 for "Safari + LPE (iOS) [vulnerabilities] including a sandbox escape," and from $100,000 to $200,000 for flaws allowing privilege escalation to kernel or root in iOS. The greatest proportional leap may be for Touch ID and passcode bypasses, which now pay out $100,000 instead of $15,000.
The biggest bounties are unlikely to be claimed. While remote jailbreaks were possible in the early years of the iPhone, Apple clamped down hard, nominally for security and stability but with the benefit of preventing people from bypassing the App Store. The company normally takes a 30 percent cut from App Store transactions, and has strict rules on what can appear there.
It can likewise be tough to find flaws in iMessage, though malicious links and characters are sometimes used to force Messages to crash.
Exploits collected by Zerodium are used to provide data and security recommendations to clients. The company courts a "limited number of eligible customers," since criminals and others might naturally want to discover easy hacking methods.
Apple has sometimes been accused of paying too little in the way of bounties, capping sums at $200,000. That encourages researchers to turn elsewhere, even though exploits can have a serious impact on iPhone, iPad, and Mac users.